Splunk® Enterprise

Admin Manual

Splunk Enterprise version 8.2 is no longer supported as of September 30, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

About the Splunk Enterprise AMI

Splunk Enterprise is available as an Amazon Machine Image on the Amazon Web Services Marketplace.

What is the Splunk Enterprise AMI?

The Splunk Enterprise AMI is an Amazon Machine Image consisting of Splunk Enterprise running on Amazon Linux.

The image includes a Splunk Enterprise Trial license. To learn about the license features and time limits, see Types of Splunk Enterprise licenses.

Get the Splunk Enterprise AMI with 1-click

  1. From the AWS Marketplace, select Splunk Enterprise AMI.
  2. On the overview tab, select "Continue to subscribe."
  3. Once the subscription authorization is complete, select "Continue to Configuration."
  4. Confirm Splunk Enterprise version and the region selected. Select "Continue to Launch."
  5. On the Launch this software page:
    1. Choose an EC2 instance type. Select an instance type with sufficient storage and resources to support your use-case. See Introduction to capacity planning for Splunk Enterprise in the Capacity Planning Manual for more information.
    2. In "Security Group Settings" select a security group.
    3. In "Key Pair Settings" select or create a key pair.
  6. Select "Launch"
  7. Make note of the ports that are opened in your chosen security group. The typical ports are: 8089 (Splunk Enterprise Management), 8000 (Splunk Web), 9997 (Splunk Forwarder listener), 22 (SSH), and 443 (SSL/HTTPS). For more information about open ports and security, see About securing Splunk software and How to secure and harden your Splunk software installation in Securing Splunk Enterprise.

Start using the Splunk Enterprise AMI

If you've already started a copy of the Splunk Enterprise AMI on the AWS Marketplace, then you'll have an instance of Splunk Enterprise running as the Splunk user. The Splunk Enterprise services will start when the machine starts.

Find Splunk Web

  1. In your EC2 Management Console, find your instance running Splunk Enterprise. Note the instance ID and public IP address.
  2. Paste the public IP into a new browser tab. Do not hit enter yet.
    1. Append the Splunk Web port to the end of the IP address. Example: http://$aws_public_ip:8000
    2. Hit enter.
  3. Log into Splunk Enterprise with the default AMI credentials:
    1. For Splunk Enterprise version 7.2.5 and later:
      1. username: admin
      2. password: SPLUNK-$instance id$
      3. It is recommended that you change your password after login.
    2. For older Splunk Enterprise versions:
      1. username: admin
      2. password: $instance id$
      3. On the next screen, set a new password.

Next tasks

Upgrade

Upgrade Splunk Enterprise version

See "How to upgrade Splunk" in the Installation Manual. Be sure to run a backup before you begin the upgrade.

Upgrade your AWS storage capacity

See the AWS documentation about Amazon EBS.

Upgrade your AWS compute capacity

See the AWS documentation about Amazon EC2.

Get help

To find community resources and get help, see Get Started with Splunk Community. To purchase a Splunk Enterprise license and support, contact sales@splunk.com.

Last modified on 29 January, 2021
Use Splunk Web with a reverse proxy configuration   alert_actions.conf

This documentation applies to the following versions of Splunk® Enterprise: 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2, 9.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters